System for controlling a power transmission system

ABSTRACT

A power transmission system includes a plurality of electrical substations and a plurality of transmission lines arranged to connect the plurality of electrical substations to form a power transmission network; and a controller system arranged to control a power transmission within the power transmission network. The controller system includes: a detection module arranged to detect an occurrence of a fault in at least one faulty electrical substation of the plurality of electrical substations; and a restoration module arranged to at least temporally maintain an output power of the at least one faulty electrical substation; and wherein at least one of the plurality of electrical substations is operable to facilitate maintaining of the output of the at least one faulty electrical substation upon the detection of the occurrence of the fault.

TECHNICAL FIELD

The present invention relates to a system for controlling a power transmission system and a power transmission system, although not exclusively, to a controller system for power transmission systems using a petri net fault diagnosis and restoration algorithm which may avoid large area blackouts.

BACKGROUND

Electrical power may be generated in power stations or power plants. Usually power stations are designed to generate large amount of power sufficient for the consumption within a predetermined coverage of geographical areas. Due to the large infrastructures, the operation considerations and the safety requirements, these power stations may be preferably built remote to the positions where the generated power may be eventually consumed, such as in premises of urban regions.

To facilitate the transmission of the generated electrical power from the power stations which may be remote from the end users, power transmission systems may be included to facilitate the power transmission. In some designs of the power transmission systems, intermediate electrical substations may be included to form connections between the power stations and the consumption area with a power transmission network which may be large enough to facilitate the power transmission requirement.

SUMMARY OF THE INVENTION

In accordance with a first aspect of the present invention, there is provided a system for controlling a power transmission system comprising: a detection module arranged to detect an occurrence of a fault in at least one faulty electrical substation of a plurality of electrical substations of the power transmission system; and a restoration module arranged to at least temporally maintain an output power of the at least one faulty electrical substation; wherein at least one of the plurality of electrical substations is operable to facilitate maintaining the output of the at least one faulty electrical substation upon the detection of the occurrence of the fault.

In an embodiment of the first aspect, the fault is a failure of receiving an input power from an original energy source in the at least one faulty electrical substation.

In an embodiment of the first aspect, the restoration module is further arranged to activate an auxiliary energy source arranged to at least temporally maintain the output power of the at least one faulty electrical substation.

In an embodiment of the first aspect, the auxiliary energy source includes at least one healthy electrical substations of the plurality of electrical substations, wherein the at least one healthy electrical substation is different from the at least one faulty electrical substation.

In an embodiment of the first aspect, at least two of the plurality of electrical substations is electrically interconnected.

In an embodiment of the first aspect, the at least two interconnected electrical substations include the at least one faulty electrical substation and the at least one healthy electrical substation, the at least one healthy electrical substation is configured to supply the input power to the at least one faulty electrical substation interconnected thereto so as to maintain the output of the at least one faulty electrical substation upon the occurrence of the fault.

In an embodiment of the first aspect, the at least two interconnected electrical substations belong to a same tier of a hierarchy of the power transmission system.

In an embodiment of the first aspect, the at least two interconnected electrical substations belong to a same stage of different branches of the power transmission system.

In an embodiment of the first aspect, the electrical connectivity between the interconnected electrical substations are controlled by the restoration module.

In an embodiment of the first aspect, the auxiliary energy source includes an energy storage system.

In an embodiment of the first aspect, the detection module is arranged to detect the occurrence of the fault by monitoring variations of the input power and the output power of the plurality of electrical substations.

In an embodiment of the first aspect, the detection module is further arranged to monitor transitions associated with the variations of the input power and the output power.

In an embodiment of the first aspect, the detection module is further arranged to compare a monitored parameter associated with the input power, the output power and the transitions monitored by the detection module with a predetermined threshold, such that the detection module is further arranged to determine the occurrence of the fault based on a comparison result associated with the compared monitored parameter and the predetermined threshold.

In an embodiment of the first aspect, the detection module is arranged to represent the plurality of electrical substations and the monitored transitions as one or more petri nets.

In accordance with a second aspect of the present invention, there is provided a power transmission system comprising: a plurality of electrical substations and a plurality of transmission lines arranged to connects the plurality of electrical substations to form a power transmission network; and a controller system arranged to control a power transmission within the power transmission network, wherein the controller system includes: a detection module arranged to detect an occurrence of a fault in at least one faulty electrical substation of the plurality of electrical substations; and a restoration module arranged to at least temporally maintain an output power of the at least one faulty electrical substation; and wherein at least one of the plurality of electrical substations is operable to facilitate maintaining of the output of the at least one faulty electrical substation upon the detection of the occurrence of the fault.

In an embodiment of the second aspect, the fault is a failure of receiving an input power from an original energy source in the at least one faulty electrical substation.

In an embodiment of the second aspect, at least two of the plurality of electrical substations are electrically interconnected, and when the at least two interconnected electrical substations include the at least one faulty electrical substation and at least one healthy electrical substation, the at least one healthy electrical substation is configured to supply the input power to the at least one faulty electrical substation interconnected thereto so as to maintain the output of the at least one faulty electrical substation upon the occurrence of the fault.

In an embodiment of the second aspect, the power transmission system further comprises an electrical switch arranged to selectively connect the at least two interconnected electrical substations electrically, wherein the electrical switch is controlled by the restoration module.

In an embodiment of the second aspect, the restoration module further comprises an energy storage system arranged to temporally maintain the output power of the at least one faulty electrical substation.

In an embodiment of the second aspect, the detection module further comprises an electrical sensing module arranged to obtain electrical parameters associated with the input power and the output power so as to facilitate the detection of the occurrence of the fault in the plurality of the electrical substations based on the electrical parameters.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the present invention will now be described, by way of example, with reference to the accompanying drawings in which:

FIG. 1 is block diagram showing a power transmission system in accordance with one embodiment of the present invention;

FIG. 2 is an illustration of a finite capacity Petri net;

FIG. 3A is an illustration showing an example TPTS of WLC/NUC;

FIG. 3B is an illustration a C-TPTS model representing the TPTS of FIG. 3A using petri net representation;

FIG. 4A is an illustration showing a portion of the C-TPTS model representing a fault that occurs in p₃;

FIG. 4B is an illustration showing the C-TPTS model in FIG. 4A at a state after t₄ firing twice;

FIG. 4C is an illustration showing the C-TPTS model in FIG. 4A at a state when a large area blackout occurs in p₃ after t₄ fires five times;

FIG. 4D is an illustration showing the fault occurrence evolution in p₃ of FIG. 4A;

FIG. 5A is an illustration showing a petri net representation of an ES p_(k);

FIG. 5B is an illustration showing a petri net representation of the supervisor of the ES p_(k) of FIG. 5A;

FIG. 5C is an illustration showing a petri net representation of a combined system of ES p_(k) of FIG. 5A and the supervisor of the ES p_(k) of FIG. 5B;

FIG. 6A is an illustration showing a petri net representation of the combined system of FIG. 5C in accordance with the ES p₃ in FIG. 4A when a fault occurs in the input lines of p₃;

FIG. 6B is an illustration showing a petri net representation of the combined system of FIG. 6A when the fault may be detected;

FIG. 6C is an illustration showing a petri net representation of the combined system of FIG. 6A when the fault is detected;

FIG. 7A is an illustration showing a petri net representation of a paired of preconnected ESs p_(k) and p₁;

FIG. 7B is an illustration showing a petri net representation of the ESs of FIG. 7A with the combination structure of p_(k), the supervisor N_(s) ^(pk) of p_(k), and the solution p₁ of p_(k);

FIG. 8A is an illustration showing a petri net representation of the ES p₃ and its solution p₄ in accordance with FIG. 4A when a fault occurs;

FIG. 8B is an illustration showing a petri net representation of the ESs p₃ and p₄ of FIG. 8A with the supervisor of p₃ in accordance with FIG. 7B;

FIG. 8C is an illustration showing a petri net representation of the combined system of FIG. 8B when the fault may be detected;

FIG. 8D is an illustration showing a petri net representation of the combined system of FIG. 8B when the fault is detected; and

FIG. 8E is an illustration showing the evolution of whole processes in p₃ of FIG. 8B, including the fault detection and restoration processes.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The inventors have, through their own research, trials and experiments, devised that electric energy may be transmitted by power transmission systems such as traditional power transmission systems (TPTSs). A TPTS is a critical infrastructure, which may be composed of many electrical substations (ESs) and transmission lines. However, the instability of transmission lines usually causes many serious blackout events such as large area blackouts that will bring about disastrous economic losses. Battery energy storage systems may be installed at ESs for load leveling and relay protection. If a fault occurs in an ES, the battery energy storage system can continually supply electric power for its output. However, the capacities of batteries may be limited and thus the faults should be promptly detected and restored so as to avoid large area blackouts.

Expert system techniques may also be considered to implement fault detection and restoration in TPTSs. For example, a bayesian network for fault diagnosis on distribution feeders based on expert knowledge may be used. Alternatively, a fault diagnosis expert system aim at fault diagnosis in electric power systems may be used, such fault diagnosis expert system is integrated with several subsystems. In yet another alternative embodiment, a power system restoration method may include using an expert system and a mathematical programming approach. The target system for fault restoration is formulated as a mathematical programming problem. In these expert systems, the expert knowledge is optimized and updated with the information from continuous learning systems. However, the system information may also be interfered after the fault occurrence. It may affect the performance and reliability of expert systems.

Smart grids, also known as new generation power grids, may use advanced control systems to control TPTSs to perform automatic fault detection and restoration. Therefore, a reliable control system is extremely important for the automatic fault detection and restoration of smart grids.

Preferably, multi-agent technologies may be used as a method for the control systems of smart grids. A control system may be implemented based on multi-agent methods to perform fault detection and restoration for a navy ship system. It may detect and restore faults but only for a simplified system. In some other examples, various control systems based on multi-agent methods for fault detection and restoration may be implemented. The faults may be detected and restored by agents. However, these control systems are not formally modelled and verified by any formal method. The function blocks of IEC61499 provide a structure to model the industrial systems. For example, a control system by the forms of function blocks may be designed to perform fault detection and restoration for smart grids. The control system may be simulated by using Matlab-based simulation environment but lacks any formal verification.

The control systems of smart grids are typical discrete event systems. Petri nets, a graphical and mathematical tool, may be used to describe and analyze discrete event systems. It is possible to create mathematical models, state equations, and algebraic equations to analyze and verify the behavior of discrete event systems by using Petri nets. For example, Petri nets may be used to simulate supervisors to effectively prevent deadlocks in flexible manufacturing systems.

In power systems, Petri nets may also be used to evaluate the reliability and security of protection systems. A fuzzy Petri net technique may be used to deal with incomplete and uncertain alarms generated by protective relays and circuit breakers. Alternatively, a method based on Petri nets may be used to detect and localize faults in smart grids. The faults may be detected by computing the incidence matrices of Petri net models. However, the Petri net models and fault computations are complex and inefficient for large-scale smart grids. The fault restoration is neglected.

The inventors also devise that some of these control systems may be effective but complex because of a large number of ESs. They can detect and restore faults but do not consider large area blackout avoidance during the fault detection and restoration. Large area blackouts are intolerable in some special areas such as the hospitals, communication departments, and large-scale steel production manufacturers. Moreover, some of these methods are not formally described and verified.

With reference to FIG. 1, there is shown a power transmission system 100 comprising: a plurality of electrical substations 102 and a plurality of transmission lines 104 arranged to connects the plurality of electrical substations 102 to form a power transmission network 108; and a controller system 106 arranged to control a power transmission within the power transmission network 108, wherein the controller system 106 includes: a detection module 110 arranged to detect an occurrence of a fault in at least one faulty electrical substation of the plurality of electrical substations 102; and a restoration module 112 arranged to at least temporally maintain an output power of the at least one faulty electrical substation; and wherein at least one of the plurality of electrical substations 102 is operable to facilitate maintaining of the output of the at least one faulty electrical substation upon the detection of the occurrence of the fault.

In this embodiment, the controller system 106 is arranged to control all the power transmission activities within the power transmission network 108. The power transmission network 108 includes a plurality of electrical substations 102 (ESs) each connected to at least one adjacent electrical substation, a power source such as a power station 114 (or a subsequent conversion stage) and/or at least one electrical output load connected at a user end 116. The power transmission network 108 also includes a plurality of power transmission lines 104 for connected the above stages and/or electrical substations 102. Preferably, the distributed ESs 102 of the power transmission system 100 may form a hierarchy in the power transmission system 100. For example, the ESs may be divided into three layers or tiers, i.e., high, medium, and low voltage ESs, according to the three electric power transmission processes or stages, i.e., transmission, subtransmission, and distribution. Alternatively, the electrical substations 102 may be divided or grouped into different numbers of layers or tiers in the power transmission network 108.

In an example operation, a fault may occur when there is a failure of receiving an input power from an original energy source in a faulty ES 102. This may include a fault in an input source such as a power station 114 or an ES 102 in a higher tier or earlier stage for supplying a power input to the one in a lower tier or a later stage, or a failure in a transmission line 104 connecting the interconnected ESs in different stages. Subsequently, without a normal input power supply, the faulty ES may fail to provide a normal output to the later stages in the power transmission network 108. If the faulty ES is located in any of the earlier stages within the power transmission network 108, all of the later stages in the power transmission network 108 may not operate normally to supply electrical power to the end users 116, and may cause a large area blackout (LAB).

In the power transmission network 108, preferably, at least two of the plurality of the electrical substations 102 are interconnected, and preferably at least two of the plurality of the electrical substations 102 belong to a same tier of a hierarchy of the power or belong to a same stage of different branches of the power transmission system 100. In addition, the connectivity of the two interconnected electrical substations 102 is controlled by the restoration module 112, preferably by including at as an electrical switch controllable by the restoration module 112 to selectively connect the interconnected ESs that may be grouped in a same tier or stage within the power transmission network 108.

In an exemplary embodiment, if an occurrence of a fault in an ES is detected by the detection module 110 of the controller system 106, one or more of the healthy ESs (that is different from the faulty ES) preconnected to the faulty ES in the power transmission network 108 may be selected and activated to supply electric power to the faulty ES and the fault is restored. In this example, such healthy ES(s) may be used as an auxiliary energy source that may be used to at least temporally maintain the output power of the faulty electrical substation by supplying an input power to the faulty ES upon an occurrence of the fault. Therefore, the ES in the power transmission network 108 can uninterruptedly supply electric power for its output during the fault detection and restoration and a large area blackout is avoided. More examples of the detection and restoration schemes or algorithm will be discussed in later parts of this disclosure.

Optionally or additionally, the restoration module 112 may include an energy storage system as an additional or alternative auxiliary energy source to at least temporally maintain the power output of the faulty ES to the later stages in the power transmission network 108. Preferably, the energy storage system may be provided as a battery system which may be included in each of the ES 102 in the power transmission network 108, and may be activated by the restoration module 112 to supply a temporal energy source to the faulty ES at least for a certain period before the battery is drained empty, or when then faulty ES is powered by another auxiliary energy source such as the at least one interconnected healthy ES in the previous example.

Preferably, the detection module 110 may be arranged to represent the plurality of the electrical substations 102 and/or power transmission network 108, as well as any transition of states associated with the power transmission and/or the conversion occurred in the electrical substations 102 and monitored by the detection module 110 of the controller system 106, as one or more petri nets. The representation may be further processed by a processing module, which may include any processor, controller or processing units such as but not limited to a programmable logic device (PLD), a (field-)programmable gate array (FPGA), application-specific integrated circuit (ASIC), etc. Such processing module may be implemented as a part of the detection module 110, or the processing module may be a standalone module in the controller system 106, or the processing module may be arranged to communicate with the controller system 106 but is not included in the controller system 106.

In one example embodiment, the representation may involve a finite capacity Petri net. A finite capacity Petri net is a five-tuple N=(P, T, F, W, C), where P and T are finite, disjoint, and non-empty sets. P is a set of places and T is a set of transitions. F⊆(P×T)∪(T×P) is a flow relation represented by arcs with arrows from places to transitions or from transitions to places. W: F→

is a mapping that assigns a weight to an arc, where

is the set of non-negative integers. C: P→

is a mapping that assigns a capacity to a place. A finite capacity Petri net can be represented by an input matrix [N]⁺ (p, t)=W (t, p) and an output matrix [N]⁻(p, t)=W (p, t), where p∈P and t∈T.

The preset of a node x∈P∪T is defined as ^(•)x={y∈P∪T|(y, x)∈F} and the postset of a node x∈P∪T is defined as x^(•)=(y∈P∪T|(x, y)∈F). For a set of nodes X⊆P∪T, ^(•)X=∪_(x∈X) ^(•)x and X^(•)=∪_(x∈X) x^(•). |X|denotes the cardinality of X.

A marking M of N is a mapping from P to

. M (p) denotes the number of tokens in place p. Place p is marked by marking M if M (p)>0. (N, M₀) is called a net system, where M₀ is the initial marking of N.

In a finite capacity Petri net, t∈T is enabled at marking M if ∀p∈^(•)t, M (p)≥W (p, t) and ∀p′ ∈t^(•), M (p′)≤C (p′)−W (t, p′), which is denoted as M [t

. If t fires, a new marking M′ is obtained such that ∀p″∈P, M′ (p″)=M (p″)−W (p″, t)+W (t, p″), denoted by M [t)

M′. Marking M″ is called a reachable marking from M if there exists a transition sequence σ=t₁ t₂ . . . t_(n) such that M [t₁

M₁ [t₂

M₂ . . . M_(n-1) [t_(n)

M″. It is denoted by M [σ

M″. It satisfies M″=M+[N]⁺{right arrow over (σ)}−[N]⁻{right arrow over (σ)}, where {right arrow over (σ)}: T→

is a vector of non-negative integers and {right arrow over (σ)} (t) represents the sum of all occurrences of t in σ. The set of reachable markings from M in N is denoted as

(N, M).

For example, let p∈P be a place. All transitions in ^(•)p∪p^(•) are enabled at marking M if:

$\begin{matrix} {{\forall{t_{i} \in {\,^{\bullet}{p:{\forall{p^{\prime} \in {{}_{}^{}{}_{}^{}}}}}}}},{{M\left( p^{\prime} \right)} \geq {W\left( {p^{\prime},t_{i}} \right)}}} & \left. 1 \right) \\ {{{C(p)} - {M(p)}} \geq {\sum\limits_{t_{i} \in^{\bullet}p}{W\left( {t_{i},p} \right)}}} & \left. 2 \right) \\ {{M(p)} \geq {\sum\limits_{t_{j} \in p^{\bullet}}{W\left( {p,t_{j}} \right)}}} & \left. 3 \right) \\ {{\forall{t_{j} \in {{\, p^{\bullet}}:{\forall{p^{''} \in {\, t_{j}^{\bullet}}}}}}},{{{C\left( p^{''} \right)} - {M\left( p^{''} \right)}} \geq {W\left( {t_{j},p^{''}} \right)}}} & \left. 4 \right) \end{matrix}$

According to Eqs. (1) and (2), if all transitions in ^(•)p∪p^(•) are enabled:

${{C(p)} \geq {\sum\limits_{t_{i} \in^{\bullet}p}{W\left( {t_{i},p} \right)}}} = {\sum\limits_{t_{j} \in p^{\bullet}}{W\left( {p,t_{j}} \right)}}$

Let t₁ and t₂ be two transitions, σ be a transition sequence of t₁ and t₂, and M be a marking. If t₁ and t₂ can fire at marking M:

-   -   t₁ can fire first followed by t₂, denoted as σ=t₁ t₂,     -   t₂ can fire first followed by t₁, denoted as σ=t₂ t₁, or     -   t₁ and t₂ can fire simultaneously, denoted as σ={t₁ t₂}.

In order to describe the simultaneous events of discrete event systems in this paper, an assumption may be made as follows:

Assumption 1: Let N be a finite capacity Petri net with N=(P, T, F, W, C), t₁, t₂, . . . , t_(n)∈T be n (n>1) transitions, and M be a marking of N. If t₁-t_(n) can fire at marking M, then t₁-t_(n) fire simultaneously, denoted as σ={t₁ t₂ . . . t_(n)}.

With reference to FIG. 2, there is shown a finite capacity Petri net, where ^(•)t₁={p₁, p₂}, p₃ ^(••)=t₂ ^(•)∪t₃ ^(•={p) ₄, p₅}, and C (p₃)=W(t₁, p₃)+(W (p₃, t₂)+W(p₃, t₃))=7+(3+2)=12. The input matrix [N]⁺ and output matrix [N]⁻ are:

${\lbrack N\rbrack^{+} = {{\begin{pmatrix} 000 \\ 000 \\ 700 \\ 030 \\ 002 \end{pmatrix}\mspace{14mu}{{and}\mspace{14mu}\lbrack N\rbrack}^{-}} = \begin{pmatrix} 100 \\ 200 \\ 032 \\ 000 \\ 000 \end{pmatrix}}}\mspace{14mu}$

At the initial marking M₀=(4, 8, 5, 6, 4)^(T), transitions t₁-t₃ can fire simultaneously. Let σ₁={t₁ t₂ t₃}. Then, {right arrow over (σ₁)}=(1, 1, 1)^(T). If t₁-t₃ fire simultaneously, a marking M₁ is obtained by: M ₁ =M ₀ +[N] ⁺·{right arrow over (σ₁)}−[N] ⁻·{right arrow over (σ₁)}=(3,6,7,9,6)^(T).

At marking M₁, only t₃ is enabled since: C(p ₃)−M ₁(p ₃)=5<W(t ₁ ,p ₃)=7 and C(p ₄)−₁(p ₄)=0<W(t ₂ ,p ₄)=3.

Let σ₂=t₃. Therefore {right arrow over (σ₂)}=(0, 0, 1)^(T). When t₃ fires, a new marking M₂ is obtained by: M ₂ =M ₁ +[N] ⁺·{right arrow over (σ₂)}−[N] ⁻·{right arrow over (σ₂)}=(3,6,5,9,8)^(T).

At marking M₂, only t₁ is enabled. Let σ₃=t₁. Therefore {right arrow over (σ₃)}=(1, 0, 0)^(T). If t₁ fires, a new marking M₃ is obtained by: M ₃ =M ₂ +[N] ⁺·{right arrow over (σ₃)}−[N] ⁻·{right arrow over (σ₃)}=(2,4,12,9,8)^(T).

At marking M₃, t₁-t₃ are disabled since C(p ₃)−M ₃(p ₃)=0<W(t ₁ ,p ₃)=7, C(p ₄)−M ₃(p ₄)=0<W(t ₂ ,p ₄)=3, and C(p ₅)−M ₃(p ₅)=0<W(t ₃ ,p ₅)=2.

The whole processes can also be represented as: M ₃ =M ₀ +[N] ⁺ ·{right arrow over (σ)}−[N] ⁻·{right arrow over (σ)}=(2,4,12,9,8)^(T),

where σ={t₁ t₂ t₃} t₃ t₁ and {right arrow over (σ)}={right arrow over (σ₁)}+{right arrow over (σ₂)}+{right arrow over (σ₃)}=(2, 1, 2)^(T).

The power transmission system 100 (or sometimes referred as a tradition power transmission system (TPTS) in this disclosure) may composed of a plurality distributed ESs that have input and output lines. These ESs can be divided into three layers, i.e., high, medium, and low voltage ESs, according to the three electric power transmission processes, i.e., transmission, subtransmission, and distribution, as shown in FIG. 1. In a TPTS, the electric power is transmitted from high voltage ESs to medium voltage ESs and is continually transmitted from the medium voltage ESs to low voltage ESs. However, some of the input lines of ESs may be fragile, which may suffer from faults that should be detected and restored quickly. Moreover, large area blackouts may occur in ESs during the fault detection and restoration since the faulty ES cannot supply enough electric power for its output.

In a TPTS, each ES may contain a battery energy storage system that can be considered as an energy storage buffer for the temporary output of the ES during the fault detection and restoration. The batteries of the battery energy storage system have a finite capacity. Therefore, a Capacity-TPTS (C-TPTS) can be defined by finite capacity Petri nets as follows.

Definition 1: A C-TPTS is defined as a finite capacity Petri net N=(P_(h)∪P_(m)∪P₁, T, F, W, C), where:

1) P_(h)≠Ø, P_(m)≠Ø, and P₁≠Ø are the sets of high, medium, and low voltage ESs, respectively, P_(h)∩P_(m)∩P₁=Ø, p_(h) ^(T••)=p_(m) ^(T), and p_(m) ^(T••)=p_(l) ^(T).

2) T is the set of electric power transmission operations.

3) F⊆(P_(h)×T)∪(T×P_(m))∪(P_(m)×T)∪(T×P₁) is the set of electric power transmission arcs.

4) ∀p_(h)∈P_(h), ∃t∈T and ∃p_(m)∈P_(m) such that {p_(h)}=^(•)t and t^(•)={p_(m)}.

5) ∀p_(m)∈P_(m), (a) ∃t∈T and ∃p₁∈P₁ such that {p_(m)}=^(•)t and t^(•)={p₁} and (b) there only exist a transition t′∈T and a place p_(h)∈P_(h) such that {p_(h)}=^(•)t′ and t′^(•)={p_(m)}.

6) ∀p₁∈P₁, there only exist a transition t∈T and a place p_(m)∈P_(m) such that {p_(m)}=^(•)t and t^(•)={p₁}.

7) W: F→

is a mapping that assigns a number of power loads to an electric power transmission arc.

8) C: P→

is a mapping that assigns an electric power capacity to an ES.

In a C-TPTS, ∀p∈(P_(h)∪P_(m)∪P₁), p has input loads (denoted as p^(I)), output loads (denoted as p^(O)), and available loads (denoted as p^(A)) that can be supplied to other ESs to restore faults, where p^(I)≥p^(O). The power balance in p is

$\begin{matrix} {p^{A} = {{p^{I} - p^{O}} = {{\sum\limits_{t_{i} \in^{\bullet}p}{W\left( {t_{i},p} \right)}} - {\sum\limits_{t_{j} \in p^{\bullet}}{{W\left( {p,t_{j}} \right)}.}}}}} & (4) \end{matrix}$

In an example embodiment with reference to FIG. 3A, there is shown a TPTS that may represent the part of West Lake Center/North Urban Center (WLC/NUC) in Tunis (Tunisia). A C-TPTS representation based on the TPTS is shown in FIG. 3B. In this example, the electric power may be transmitted from “North Urban Center” to “SCOGAT” and may be continually transmitted from “SCOGAT” to “Tunisia Leasing” in FIG. 3A. Correspondingly, the electric power is transmitted from p₁ to p₂ by t₂ and is continually transmitted from p₂ to p₃ by t₃ in FIG. 3B.

Proposition 1: Let N be a C-TPTS with N=(P_(h)∪P_(m) ∪P₁, T, F, W, C), p∈{P_(h)∪P_(m)∪P₁} be an ES, M₀ be the initial marking of N, and M∈

(N, M₀) be a marking. At marking M, a large area blackout occurs in ES p if M (p)<p^(O).

Proof: At marking M, if M (p)<p^(O), ∃t∈p^(•) such that M [t

does not hold. This means that t cannot fire at marking M and ES p cannot supply electric power to its downstream ESs. Then, a large area blackout occurs in p.

For ES p₃ in FIG. 3B, p₃ ^(I)=5 KW, p₃ ^(O)=3 KW, and C(p₃)=15 KW, where KW represents kilowatts. Then, p₃ ^(A)=p₃ ^(I)−p₃ ^(O)=2 KW. If it is assumed that M₀ (p₃)=C(p₃), ∀M∈

(N, M₀), M (p₂)≥p₂ ^(O), and a fault occurs in the inputlines of “Tunisia Leasing” in FIG. 3A, then t₃ cannot fire to add tokens to p₃ in FIG. 3B.

With reference to FIG. 4A, there is show a situation where a fault occurs. Then, transition t₄ can continually fire five times since M(p ₃)=C(p ₃)−5p ₃ ^(O)=15 KW−5×3 KW=0 KW<p ₃ ^(O).

The processes of the operations are shown in FIGS. 4B and 4B. It is illustrated that ES p₃ can continually supply electric power to its downstream ESs until its power loads are exhausted. During the firing of t₄ for five times, the fault occurred in the input lines of p₃ should be detected and restored. Otherwise, a large area blackout will be caused. The fault occurrence evolution is illustrated in FIG. 4D.

Preferably, a model of supervisors may be implemented to detect faults for ESs by using finite capacity Petri nets. The detection module 110 may be arranged to detect the occurrence of the fault by monitoring variations of the input power and the output power, as well as the associated transitions, of the plurality of ESs 102.

In one example embodiment, the detection module 110 further comprises an electrical sensing module 118 arranged to obtain electrical parameters associated with the input power and the output power of the plurality of ESs 102, and the detection module 110 may compare the monitored/obtained parameter associated with the input power, the output power and the transitions monitored by the detection module 110 with a predetermined threshold, such that the detection module 110 may determine the occurrence of the fault based on a comparison result associated with the compared monitored parameter and the predetermined threshold.

In the following example, the electric power variations of each ES are supervised by a corresponding supervisor.

Property 1: Let N be a C-TPTS, p∈(P_(h)∪P_(m)∪P₁) be an ES, t∈T be a transition such that {t}=^(•)p, σ be a transition sequence such that ∀t_(i)∈p^(•), {right arrow over (σ)}(t_(i))=1, and M₁, M₂ ∈

(N, M₀) be two markings such that ∀p_(i)∈^(•)t, M₁(p_(i))≥W (p_(i), t), M₂(p_(i))≥W (p_(i), t), C(p)−M₁(p)≥p^(I), and M₁ [σ

M₂, where M₀ is the initial marking. A fault that occurs in the input lines of p can be detected at M₂ if: C(p)−M ₂(p)≥p ^(I) +p ^(O)  (5)

Proof: Since M₁ [σ

M₂, M₂ (p)=M₁ (p)+p^(I)−p^(O).

$\mspace{85mu}{{{{{By}\mspace{14mu}{C(p)}} - {M_{1}(p)}} \geq p^{I}},{{{C(p)} - {M_{2}(p)}} = {{{{C(p)} - {M_{1}(p)} - p^{I} + p^{O}} \geq {p^{I} - {{\overset{\rightarrow}{\sigma}(t)} \cdot {W\left( {t,p} \right)}} + p^{O}}} = {p^{I} + p^{O} - {{\overset{\rightarrow}{\sigma}(t)}*{{W\left( {t,p} \right)}.}}}}}}$

Eq. (5) holds if {right arrow over (σ)}(t)=0. This means that t cannot fire at marking M₁. However, t is enabled at marking M₁ since ∀p_(i)∈^(•)t, M₁ (p_(i))≥W (p_(i), t), and C(p)−M₁ (p)≥W (t, p). Therefore, it is ensured that a fault occurs in the input lines of p and the fault can be detected at marking M₂.

According to Property 1, ∀p∈(P_(h)∪P_(m)∪P₁), a fault that occurs in the input lines of p can be detected by monitoring the variation, i.e., C(p)−M (p), where M∈

(N, M₀) and M₀ is the initial marking of N.

With reference to FIG. 4A, M₀(p₃)=C(p₃)=15 KW. At marking M₀, it may not be determined that a fault occurs in the input lines of p₃. However, it may be determined that only t₄ is enabled since C(p₃)−M₀ (p₃)<W (t₃, p₃) When t₄ fires, thus: M ₁(p ₃)=M ₀(p ₃)−p ₃ ^(O)=12 KW,

where M₁ is a marking. Similarly, only t₄ is enabled at marking M₁ and t₃ is disabled since C (p₃)−M₁ (p₃)<W(t₃, p₃). When t₄ fires, M ₂(p ₃)=M ₁(p ₃)−p ₃ ^(O)=9 KW,

where M₂ is a marking. At marking M₂, t₃ and t₄ are enabled since C(p₃)−M₂ (p₃)=6>W (t₃, p₃)=5. If they fire, then M′ ₃(p ₃)=M ₂(p ₃)+p ₃ ^(I) −p ₃ ^(O)=11 KW,

where M′₃ is a marking. At marking M₂, it is assumed that a fault occurs in the input lines of p₃ (this means that t₃ cannot fire to add tokens to p₃). Therefore, only t₄ can fire at marking M₂. When t₄ fires, M′ ₃(p ₃)=M ₂(p ₃)−p ₃ ^(O)=6 KW,

where M′₃ is a marking. It is observed that: p ₃ ^(I) >C(p ₃)−M ₁(p ₃)=3 KW<p ₃ ^(I) +p ₃ ^(O)=8 KW, p ₃ ^(I) <C(p ₃)−M ₂(p ₃)=6 KW<p ₃ ^(I) +p ₃ ^(O)=8 KW, p ₃ ^(I) <C(p ₃)−M′ ₃(p ₃)=4 KW<p ₃ ^(I) +p ₃ ^(O)=8 KW, and p ₃ ^(I) <C(p ₃)−M ₃(p ₃)=9 KW>p ₃ ^(I) +p ₃ ^(O)=8 KW.

At markings M₀, M₁, M₂, and M′, it is not sure whether t₃ has fired. At marking M₃, it is sure that t₃ does not fire. Therefore, the fault that occurs in the input lines of p₃ can be detected by monitoring the variation, i.e., C (p₃)−M (p₃), where M∈

(N, M₀)

As discussed earlier, to detect faults in an ES, electric current sensor may be used to detect the electric power variation of the ES. If a fault is detected, a message may be sent to an electric controller to restore the fault.

Definition 2: Let N be a C-TPTS with N=(P_(h)∪P_(m)∪P₁, T, F, W, C) and p_(k)∈(P_(h)∪P_(m)∪P₁) be an ES. The supervisor of p_(k) is defined as a finite capacity Petri net N_(s) ^(pk)=({p_(k) ^(s), p_(k) ^(e)}, ^(•)p_(k)∪p_(k) ^(•)∪{t_(k) ^(d)}, F_(k), W_(k), C_(k)), where

1) p_(k) ^(s) is an electric current sensor and p_(k) ^(e) is an electric controller.

2) t_(k) ^(d) is a fault detecting operation.

3) F_(k)=F_(k) ^(i)∪F_(k) ^(j)∪{(p_(k) ^(s), t_(k) ^(d)), (t_(k) ^(d), p_(k) ^(s)), (t_(k) ^(d), p_(k) ^(e))} is the flow relation, where F _(k) ^(i)=∪_(t) _(i) _(∈•p) _(k) {(p _(k) ^(s) ,t _(i))} and F _(k) ⁴=∪_(t) _(j) _(∈p) _(k) _(•) {(t _(j) ,p _(k) ^(s) _(s))}.

4) W_(k): F_(k)→

is a mapping, where

${W_{k}(f)} = \left\{ \begin{matrix} {{W\left( \left( {t_{i},p_{k}} \right) \right)},} & {{f = \left( {p_{k}^{s},t_{i}} \right)},{\forall{t_{i} \in^{\bullet}p_{k}}},} \\ {{W\left( \left( {p_{k},t_{j}} \right) \right)},} & {{f = \left( {t_{j},p_{k}^{s}} \right)},{\forall{t_{j} \in^{\bullet}p_{k}^{\bullet}}},} \\ {{p_{k}^{I} + p_{k}^{o}},} & {{f \in \left\{ {\left( {p_{k}^{s},t_{k}^{d}} \right),\left( {t_{k}^{d},p_{k}^{s}} \right)} \right\}},} \\ {1,} & {f = {\left( {t_{k}^{d},p_{k}^{e}} \right).}} \end{matrix} \right.$

5) C_(k): {p_(k) ^(s), p_(k) ^(e)}→

is a mapping, where C_(k) (p_(k) ^(s))=C (p_(k)) and C_(k) (p_(k) ^(e))=2.

Definition 3: Let N be a C-TPTS with N=(P_(h) ∪P_(m) ∪P₁, T, F, W, C) and N_(s) ^(p1), N_(s) ^(p2), . . . and N_(s) ^(pn) be n supervisors with N_(s) ^(pk)=({p_(k) ^(s), p_(k) ^(e)}, •p_(k) ∪p_(k) ^(•))∪{t_(k) ^(d)}, F_(k), W_(k), C_(k)), where N_(s) ^(pk) is the supervisor of p_(k), p_(k)∈(P_(h)∪P_(m)∪P₁), n=|P_(n) ∪P_(m)∪P₁|, and 1≤k≤n. A supervised C-TPTS is defined as a finite capacity Petri net N_(sc)=(P_(sc)∪P_(scs) ∪P_(sce), T_(sc), F_(sc), W_(sc), C_(sc)), where

1) P_(sc)=(P_(h)∪P_(m)∪P₁),

2) P_(scs)=∪_(k=1) ^(P) ^(h) ^(∪P) ^(m) ^(∪P) ^(l) ^(|){p_(k) ^(s)},

3) P_(sce)=∪_(k=1) ^(|P) ^(h) ^(∪P) ^(m) ^(∪P) ^(l) ⁵¹ {p_(k) ^(e)},

4) T_(sc)=T ∪(∪_(k=1) ^(|P) ^(h) ^(∪P) ^(m) ^(∪P) ^(l) ^(|){t_(k) ^(d)}), and□

5) α_(sc)=α ∪(∪_(k=1) ^(|P) ^(h) ^(∪P) ^(m) ^(∪P) ^(l) ^(|)α_(k)). ∀α ∈{F, W, C}.□

With reference to FIGS. 5A to 5C, an ES p_(k), the supervisor N_(s) ^(pk) of p_(k), and the combined system that is constructed by p_(k) and N_(s) ^(pk), respectively. Referring to FIG. 5C, M₀=(n, 0, 0)^(T) is the initial marking. p_(k) and p_(k) ^(s) _(c) may construct a P-invariant (the total number of tokens in p_(k) and p_(k) ^(s) is an invariant). Then, ∀M∈

(N, M₀), and M(p _(k))+M(p _(k) ^(s))=M ₀(p _(k))=C(p _(k))  (6)

Thus, M(p_(k) ^(s))=C(p_(k))−M(p_(k)) is true. According to Property 1, a fault occurring in the input lines of p_(k) can be detected at marking M if M(p _(k) ^(s))≥p _(k) ^(I) +p _(k) ^(O)  (7)

Property 2: Let N_(ac) be a supervised C-TPTS, p_(k)∈P_(sc) be an ES that is controlled by its supervisor N_(s) ^(pk), and M be a marking of N_(sc). ∃M′∈

(N_(sc), M), M′(p_(k) ^(e))≥1 if C(p _(k))−M(p _(k))≥p _(k) ^(I) +p _(k) ^(O).

Proof: At marking M, if C(p_(k))−M(p_(k))≥p_(k) ^(I)+p_(k) ^(O), M(p_(k) ^(s))=C(p_(k))−M(p_(k))≥p_(k) ^(I)+p_(k) ^(O) according to Eq. (6). Therefore, t_(k) ^(d) is enabled at M since M(p_(k) ^(s))≥W(p_(k) ^(s), t_(k) ^(d)). Let σ be a transition sequence such that {right arrow over (σ)}(t_(k) ^(d))=1. Then, ∃ M′∈

(N_(sc), M) such that M [σ

M′ holds.

$\begin{matrix} {\;{{M^{\prime}\left( p_{k}^{e} \right)} = {{M\left( p_{k}^{e} \right)} + {{\overset{\rightarrow}{\sigma}\left( t_{k}^{d} \right)} \cdot {W\left( {t_{k}^{d},p_{k}^{e}} \right)}}}}} \\ {= {{M\left( p_{k}^{e} \right)} + {\overset{\rightarrow}{\sigma}\left( t_{k}^{d} \right)}}} \\ {= {{{M\left( p_{k}^{e} \right)} + 1} \geq 1}} \end{matrix}$

where M (p_(k) ^(e))≥0.

According to Property 2, a fault that occurs in the input lines of p_(k) is detected by the supervisor of p_(k) if M (p_(k) ^(e))≥1. With reference to FIG. 6A, there is provided an example embodiment of a combined system of an ES p₃ of FIG. 4A and its supervisor. Let M₀=(15, 0, 0)^(Y) be the initial marking with C(p₃)=M₀(p₃)=15. A fault occurs in the input lines of p₃ (t₃ cannot fire at all markings). After t₄ fires three times, a new marking M₁=(6, 9, 0)^(T) is reached by M₀ [t₄ t₄ t₄

M₁. Then M ₁(p ₃ ^(s))=C(p ₃)−M ₁(p ₃)=9>p ₃ ^(I) +p ₃ ^(O)=8.

Then, referring to FIG. 6B, the fault can be detected at marking M₁ (Eq. (7)). In its supervisor, W (p₃ ^(s), t₃ ^(d))=p₃ ^(I)+p₃ ^(O)=8. Then, t₃ ^(d) and t₄ are enabled at marking M₁. Therefore, a new marking M₂=(3, 12, 1)^(T) is obtained by M₁ [{t₄t₃ ^(d)}

M₂. Referring to FIG. 6C, at M₂, the fault is detected since M₂ (p₃ ^(e))=1 (Property 2).

Preferably, faults detected by the detection module 110 may be restored by the restoration module 112. In order to avoid large area blackouts during fault detection and restoration, the capacities for ESs 102 and their battery energy storage systems is estimated.

Let N_(sc) be a supervised C-TPTS. ∀p_(k)∈P_(sc), there may exist an ES p₁∈P_(sc) such that p_(k)≠p₁ and p_(k) is preconnected with p₁ by emergency lines and an electric switch if p _(l) ^(I) −p _(l) ^(O) =p _(l) ^(A) ≥p _(k) ^(O)  (8)

where the electric switch that is opened at initial states is controlled by the electric controller p_(k) ^(e) n the supervisor of p_(k). The preconnected ES p₁ is called the solution of p_(k). ES p_(k) may have several solutions. With reference to FIG. 7A, the preconnection between p_(k) and p₁ is illustrated, where t_(k) ^(e) is an electric switch that is controlled by p_(k) ^(e). Therefore, ∀M∈

(N_(sc), M₀) (M₀ is the initial marking of N_(sc)), p₁ can supply electric power to p_(k) if M(p₄ ^(e))≥1 (this represents that the corresponding electric switch between p_(l) and p_(k) is closed at marking M).

Definition 4: Let N_(sc) be a supervised C-TPTS with N_(sc)=(P_(sc)∪P_(scs)∪P_(sce), T_(sc), F_(sc), W_(sc), C_(sc)). An intelligent C-TPTS is defined as a finite capacity Petri net N_(ic)=(P_(ic) ∪P_(ics)∪P_(ice), T_(ic)∪T_(ew), F_(ic), W_(ic), C_(ic), E_(ic)), where

1) P_(ic)=P_(sc), P_(ics)=P_(scs), P_(ice)=P_(sce), T_(ic)=T_(sc), and C_(ic)=C_(sc).

2) T_(ew) is a set of electric switches.

3) E_(ic)⊆(P_(ic)×T_(ew)×P_(ic)) is the set of emergency supply relation, where ∀(p_(k), t_(k) ^(e), p₁)∈E_(ic), p_(l) is the solution of p_(k) (p_(k)∈P_(ic), t_(k) ^(e)∈T_(ew), and p₁∈P_(ic)).

4) F_(ic)=F_(sc)∪F_(ew), where

F_(ew)=∪_(∀(p) _(k) _(,t) _(k) _(e) _(,pl)∈E) _(ic) {(p_(k) ^(s), t_(k) ^(c)), (p_(k) ^(e), t_(k) ^(e)), (t_(k) ^(e), p_(k)), (p_(l), p_(k) ^(e))}, p_(l) ^(s)∈P_(scs), and p_(k) ^(e)∈P_(sce).

5) W_(ic)=W_(sc)∪W_(ew), where ∀(p_(k), t_(k) ^(e), p₁)∈E_(ic) such that W_(ew) ((p_(k) ^(s), t_(k) ^(e)))=W_(ew) ((t_(k) ^(e), p_(k))=W_(ew) ((p_(l), p_(k) ^(e)))=p_(k) ^(O) and W_(ew) ((p_(k) ^(e), t_(k) ^(e)))=1, where p_(k) ^(s)∈P_(scs) and p_(k) ^(e) _(e)∈P_(sce).

With reference to FIG. 7B, there is provided an example embodiment of a combinational structure of an ES p_(k), a solution of p_(k), and the supervisor of p_(k) in an intelligent C-TPTS. (p_(k), t_(k) ^(e), p₁)∈E_(ic) is an emergency supply relation. The intelligent C-TPTS has the property of automatic fault detection and restoration. Then, solution p₁ can supply electric power to p_(k) to restore a fault if the fault is detected by the supervisor of p_(k).

In order to avoid a large area blackout in an intelligent C-TPTS, each battery energy storage system of an ES should have suitable capacity to store enough power to maintain the output of the ES during the fault detection and restoration.

Definition 5: Let

be the set of real numbers and

be the set of integers. ┌x┐:

→

is a ceiling function such that ┌x┐=min{n∈

x≤n}, where x∈

.

For example, ┌2.1┐=3, ┌2.9┐=3, and ┌2┐=2.

Theorem 1: Let N_(ic) be an intelligent C-TPTS, p_(k)∈P_(ic) be an ES, N_(s) ^(pk) be the supervisor of p_(k), p₁ be a solution of p_(k), and M₀ be the initial marking of N_(ic) such that M₀ (p_(k))=C(p_(k)). The large area blackouts occurred in p_(k) can be avoided if

$\begin{matrix} \left\{ \begin{matrix} {{m = \left\lceil {\left( {p_{k}^{I} + p_{k}^{O}} \right)\text{/}p_{k}^{O}} \right\rceil},{m \in {\mathbb{N}}}} \\ {{{C\left( p_{k} \right)} \geq {\left( {m + 2} \right)p_{k}^{O}}},} \end{matrix} \right. & (9) \end{matrix}$

Proof: Let σ₁ be a transition sequence and (t_(i))=^(•)p_(k). If a fault occurs in the input lines of p_(k), then {right arrow over (σ₁)} (t_(i))=0. It is assumed that ∀t_(j)∈p_(k) ^(•), {right arrow over (σ₁)} (t_(j))=m, where m=┌(p_(k) ^(I)+p_(k) ^(O))/p_(k) ^(O)┐ and m∈

.

According to Property 1, ∃M₁ ∈

(N_(ic), M₀) such that C(p_(k))−M₁(p_(k))≥p_(k) ^(O)+p_(k) ^(O) and M₀[σ₁

M₁. Then, the fault can be detected at marking M₁ by supervisor N_(s) ^(pk)=({p_(k) ^(s), p_(k) ^(e)}, ^(•)p_(k) ∪p_(k) ^(•)∪{t_(k) ^(d)}, F_(k), W_(k), C_(k)).

$\begin{matrix} {{M_{1}\left( p_{k} \right)} = {{M_{0}\left( p_{k} \right)} + {{{\overset{\rightarrow}{\sigma}}_{1}\left( t_{i} \right)} \cdot {W\left( {t_{i},p_{k}} \right)}} - {\sum\limits_{t_{j \in p_{k}^{\bullet}}}{{{\overset{\rightarrow}{\sigma}}_{1}\left( t_{i} \right)} \cdot {W\left( {t_{i},p} \right)}}}}} \\ {= {{M_{0}\left( p_{k} \right)} - {\sum\limits_{\;_{\;^{t_{j \in p_{k}^{\bullet}}}}}{m \cdot {W\left( {p_{k},t_{j}} \right)}}}}} \\ {= {{M_{0}\left( p_{k} \right)} - {m \cdot {p_{k}^{O}.}}}} \end{matrix}$

Let σ₂ be a transition sequence such that {right arrow over (σ₁)}(t_(i))=0, ∀t_(j)∈p_(k) ^(•), {right arrow over (σ₁)}(t_(j))=1, and {right arrow over (σ₁)}(t_(k) ^(d))=1. According to Property 2, ∃M₂ ∈

(N_(ic), M₁) such that M₂ (p_(k) ^(p))≥1 and M₁ [σ₂

M₂. Then, the fault is detected by the supervisor N_(s) ^(pk) at marking M₂.

$\begin{matrix} {{M_{2}\left( p_{k} \right)} = {{M_{1}\left( p_{k} \right)} + {{{\overset{\rightarrow}{\sigma}}_{1}\left( t_{i} \right)} \cdot {W\left( {t_{i},p_{k}} \right)}} - {\sum\limits_{t_{j \in p_{k}^{\bullet}}}{{{\overset{\rightarrow}{\sigma}}_{1}\left( t_{i} \right)} \cdot {W\left( {p_{k},t_{j}} \right)}}}}} \\ {= {{M_{1}\left( p_{k} \right)} - {\sum\limits_{t_{j \in p_{k}^{\bullet}}}{m \cdot {W\left( {p_{k},t_{j}} \right)}}}}} \\ {= {{M_{1}\left( p_{k} \right)} - p_{k}^{O} - {M_{0}\left( p_{k} \right)} - {\left( {m + 1} \right){p_{k}^{O}.}}}} \end{matrix}$

The ES p₁ is the solution of p_(k) and the electric switch between p₁ and p_(k) is controlled by p_(k) ^(e). Therefore, p₁ begins to supply electric power to p_(k) since the electric switch is closed at marking M₂, i.e., M₂ (p_(k) ^(e))≥1. In order to avoid large area blackouts in p_(k), ∀M∈

(N_(ic), M₀), M (p_(k))≥p_(k) ^(O). Therefore, M ₂(p _(k))=M ₀(p _(k))+(m+1)p _(k) ^(O)

M ₀(p _(k))≥(m+2)p _(k) ^(O).

Since M₀(p_(k))=C(p_(k)), □

$\quad\left\{ \begin{matrix} {{m = \left\lceil {\left( {p_{k}^{I} + p_{k}^{O}} \right)\text{/}p_{k}^{O}} \right\rceil},{m \in {\mathbb{N}}}} \\ {{{C\left( p_{k} \right)} \geq {\left( {m + 2} \right)p_{k}^{O}}},} \end{matrix} \right.$

According to Theorem 1, ∀p_(k)∈P_(ic), if p_(k) is supervised by a supervisor, the faults that occur in the input lines of p_(k) can be detected. If p_(k) has a solution, the fault that is detected by its supervisor can be restored. If the capacity of battery energy storage system in p_(k) satisfies Eq. (9), large area blackouts that may be caused by the faults can be avoided during the fault detection and restoration.

In yet another example embodiment, with reference to FIG. 3B, it may be assumed that p₃ ^(I)=5 KW (kilowatts), p₃ ^(O)=3 KW, p₄ ^(I)=7 KW, and p₄ ^(O)32 4 KW. Then, p₄ ^(A)=p₄ ^(I)−p₄ ^(O)=3 KW and m=┌(p₃ ^(I)+p₃ ^(O))/p₃ ^(O)┐=┌8/31┐=3. Thus, C(p ₃)≥(m+2)p ₃ ^(O)=(3+2)3 KW=15 KW.

Let C(p₃)=15 KW. Similarly, C(p₄)=20 KW and p₄ is a solution of p₃ by p¹ ₄ ^(A)=p₃ ^(O), as illustrated in FIG. 8A. If a fault occurs in the input lines of p₃ (this means that t₃ cannot fire to add tokens to p₃), the fault should be detected by the supervisor of p₃ and be restored by its solution p₄. Referring to FIG. 8B, there is shown the combined system. The initial marking is M₀=(15, 20, 0, 0)^(T) and the input and output matrices are

${\lbrack N\rbrack^{+} = {{\begin{pmatrix} 500003 \\ 007000 \\ 030080 \\ 0000100 \end{pmatrix}\mspace{14mu}{{and}\mspace{14mu}\lbrack N\rbrack}^{-}} = \begin{pmatrix} 030000 \\ 000403 \\ 500083 \\ 000001 \end{pmatrix}}}\mspace{14mu}$

At marking M₀, t₄ and t₆ are enabled and t₅ is disabled due to C(p₄)−M₀(p₄)=0<W(t₅, p₄)=7. Let σ₁=(t₄ t₆), {right arrow over (σ₁)}=(0, 1, 0, 1, 0, 0)^(T). When t₄ and t₆ fire, M ₁ =M ₀ +[N] ⁺·{right arrow over (σ₁)}−[N] ⁻#{right arrow over (σ₁)}=(12,16,3,0)^(T),

where M₁ is a new marking. At marking M₁, t₄ and t₆ are enabled and t₅ is disabled by C(p₄)−M₁(p₄)=4<W (t₅, p₄)=7.

Let σ₂={t₄ t₆}. Then, {right arrow over (σ₂)}=(0, 1, 0, 1, 0, 0)^(T). When t₄ and t₆ fire, M ₂ =M ₁ +[N] ⁺·{right arrow over (σ₂)}−[N] ⁻·{right arrow over (σ₂)}=(9,12,6,0)^(T),

where M₂ is a new marking. At marking M₂, t₄, t₅, and t₆ are enabled by C(p₄)−M₂(p₄)=8>W(t₅, p₄)=7. Let σ₃={t₄t₅t₆}. Then, {right arrow over (σ₃)}=(0, 1, 1, 1, 0, 0)^(T). When t₄, t₅, and t₆ fire, M ₃ =M ₂ +[N] ⁺#{right arrow over (σ₃)}−[N] ⁻#{right arrow over (σ₃)}=(6,15,9,0)^(T),

where M₃ is a new marking. The marking M₃ is illustrated in FIG. 8C. At marking M₃, t₄, t₆, and t₃ ^(d) are enabled. Let σ₄={t₄t₆t₃ ^(e)}, {right arrow over (σ₄)}=(0, 1, 0, 1, 1, 0)^(T). When t₄, t₆, and t₃ ^(d) (the fault is detected) fire, M ₄ =M ₃ +[N] ⁺·{right arrow over (σ₄)}−[N] ⁻·{right arrow over (σ₄)}=(3,11,12,1)^(T),

where M₄ is a new marking. The marking M₄ is illustrated in FIG. 8D. At marking M₄, t₄, t₅, t₆, t₃ ^(d), and t₃ ^(e) are enabled. Let σ₅={t₄t₅t₆ t₃ ^(e)}, {right arrow over (σ₅)}=(0, 1, 1, 1, 1, 1)^(T). When t₄, t₅, t₆, t₃ ^(d), and t₃ ^(e) fire, M ₅ =M ₄ +[N] ⁺·{right arrow over (σ₅)}−[N] ⁻·{right arrow over (σ₅)}=(3,11,12,1)^(T) =M ₄,

where M₅ is a new marking. Then, ∀M∈

(N_(ic), M₄) t₄, t₅, t₆, and t₃ ^(e) are enabled. When they fire, M=M ₄ +[N] ⁺ ·{right arrow over (σ)}−[N] ⁻ ·{right arrow over (σ)}=M ₄,

where σ is a transition sequence such that σ=σ₅ and {right arrow over (σ)}={right arrow over (σ₅)}. The entire processes are illustrated in FIG. 8E. Therefore, the electric power of p₃ can be supplied from p₄. The fault is restored and a large area blackout is avoided.

These embodiments are advantageous in that the controller systems may prevent large area blackouts by automatically detect and restore a fault occurred in a power transmission network of a power transmission system. Each ES in a TPTS may be supervised by a corresponding supervisor. The electric power variations of the ES are monitored by the supervisor of the ES, and the supervisor may detect faults that occur in the input lines of the ES.

Advantageously, the ES may be preconnected with other ESs such that these preconnected ESs may supply electric power to the faulty ES to restore the faults. In addition, the ES may also contain a battery energy storage system to store electric power for the temporary output of the ES during its fault detection and restoration. Therefore, large area blackouts are avoided with the temporary supply of the battery energy storage system.

Moreover, the TPTS may be formally modelled and represented by Petri nets and the correctness of the fault detection and restoration is verified by the mathematical analysis methods of Petri nets. For example, the controller system may be simulated by IEC 61499 and may be implemented in PLCs (Programmable Logic Controllers) to construct a virtual smart grid. The correctness of the fault detection and restoration may then be verified by analyzing such a virtual smart grid.

It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive.

Any reference to prior art contained herein is not to be taken as an admission that the information is common general knowledge, unless otherwise indicated. 

The invention claimed is:
 1. A system for controlling a power transmission system comprising: a detection module arranged to detect an occurrence of a fault in at least one faulty electrical substation of a plurality of electrical substations of the power transmission system; and a restoration module arranged to at least temporally maintain an output power of the at least one faulty electrical substation; and wherein at least one of the plurality of electrical substations is operable to facilitate maintaining the output of the at least one faulty electrical substation upon the detection of the occurrence of the fault, wherein the fault is a failure of receiving an input power from an original energy source in the at least one faulty electrical substation.
 2. The system in accordance with claim 1, wherein the restoration module is further arranged to activate an auxiliary energy source arranged to at least temporally maintain the output power of the at least one faulty electrical substation.
 3. The system in accordance with claim 2, wherein the auxiliary energy source includes at least one healthy electrical substations of the plurality of electrical substations, wherein the at least one healthy electrical substation is different from the at least one faulty electrical substation.
 4. The system in accordance with claim 3, wherein at least two of the plurality of electrical substations are electrically interconnected.
 5. The system in accordance with claim 4, when the at least two interconnected electrical substations include the at least one faulty electrical substation and the at least one healthy electrical substation, the at least one healthy electrical substation is configured to supply the input power to the at least one faulty electrical substation interconnected thereto so as to maintain the output of the at least one faulty electrical substation upon the occurrence of the fault.
 6. The system in accordance with claim 4, wherein the at least two interconnected electrical substations belong to a same tier of a hierarchy of the power transmission system.
 7. The system in accordance with claim 4, wherein the at least two interconnected electrical substations belong to a same stage of different branches of the power transmission system.
 8. The system in accordance with claim 3, wherein the electrical connectivity between the interconnected electrical substations are controlled by the restoration module.
 9. The system in accordance with claim 2, wherein the auxiliary energy source includes an energy storage system.
 10. The system in accordance with claim 1, wherein the detection module is arranged to detect the occurrence of the fault by monitoring variations of the input power and the output power of the plurality of electrical substations.
 11. The system in accordance with claim 10, wherein the detection module is further arranged to monitor transitions associated with the variations of the input power and the output power.
 12. The system in accordance with claim 11, wherein the detection module is further arranged to compare a monitored parameter associated with the input power, the output power and the transitions monitored by the detection module with a predetermined threshold, such that the detection module is further arranged to determine the occurrence of the fault based on a comparison result associated with the compared monitored parameter and the predetermined threshold.
 13. The system in accordance with claim 12, wherein the detection module is arranged to represent the plurality of electrical substations and the monitored transitions as one or more petri nets.
 14. A power transmission system comprising: a plurality of electrical substations and a plurality of transmission lines arranged to connects the plurality of electrical substations to form a power transmission network; and a controller system arranged to control a power transmission within the power transmission network, wherein the controller system includes: a detection module arranged to detect an occurrence of a fault in at least one faulty electrical substation of the plurality of electrical substations; and a restoration module arranged to at least temporally maintain an output power of the at least one faulty electrical substation; and wherein at least one of the plurality of electrical substations is operable to facilitate maintaining of the output of the at least one faulty electrical substation upon the detection of the occurrence of the fault, wherein the fault is a failure of receiving an input power from an original energy source in the at least one faulty electrical substation.
 15. The power transmission system in accordance with claim 14, wherein at least two of the plurality of electrical substations are electrically interconnected, and when the at least two interconnected electrical substations include the at least one faulty electrical substation and at least one healthy electrical substation, the at least one healthy electrical substation is configured to supply the input power to the at least one faulty electrical substation interconnected thereto so as to maintain the output of the at least one faulty electrical substation upon the occurrence of the fault.
 16. The power transmission system in accordance with claim 15, further comprising an electrical switch arranged to selectively connect the at least two interconnected electrical substations electrically, wherein the electrical switch is controlled by the restoration module.
 17. The power transmission system in accordance with claim 14, wherein the restoration module further comprises an energy storage system arranged to temporally maintain the output power of the at least one faulty electrical substation.
 18. The power transmission system in accordance with claim 14, wherein the detection module further comprises an electrical sensing module arranged to obtain electrical parameters associated with the input power and the output power so as to facilitate the detection of the occurrence of the fault in the plurality of the electrical substations based on the electrical parameters. 